thegrind/authentikate
4
0
Fork 0
generated from thegrind/laravel-dockerized
Code Issues Pull Requests Actions Packages Projects Releases 5 Wiki Activity
authentikate/docs/guide/applications.md
Javier Feliz 9db9b0f6b3
All checks were successful
linter / quality (push) Successful in 3m34s
Details
tests / ci (push) Successful in 7m10s
Details
Got claude started on the docs. Will have to update them heavily
2025-08-03 00:23:06 -04:00

188 lines
5.1 KiB
Markdown
Raw Blame History

# Managing Applications
Learn how to create and manage OAuth applications in AuthentiKate.
## Creating Applications
### Via Web Interface
1. **Navigate** to **Applications** in the admin panel
2. **Click** "Create Application"
3. **Fill in** the application details:
- **Name**: Display name for your application
- **Redirect URI**: OAuth callback URL
- **Icon**: Optional icon URL for the application
4. **Save** the application
### Application Details
Each application gets:
- **Unique Client ID**: Public identifier for your application
- **Client Secret**: Private key for token exchange
- **Redirect URI**: Where users return after authentication
::: warning
Keep your Client Secret secure! It should never be exposed in client-side code.
:::
## Application Templates
AuthentiKate includes templates for popular applications:
### Available Templates
- **Grafana**: Analytics and monitoring
- **Nextcloud**: File sharing and collaboration
- **Proxmox**: Virtualization management
- **Portainer**: Docker container management
- **GitLab**: Git repository hosting
Templates automatically configure:
- Correct redirect URI patterns
- Appropriate application icons
- Common configuration settings
## OAuth Configuration
### Client Credentials
```yaml
Client ID: f47ac10b-58cc-4372-a567-0e02b2c3d479
Client Secret: 40-character-random-string
```
### Endpoints
Your applications will use these endpoints:
- **Authorization**: `/oauth/authorize`
- **Token**: `/oauth/token`
- **User Info**: `/oauth/userinfo`
- **JWKS**: `/.well-known/jwks.json`
### Supported Features
- **Authorization Code Flow**: Standard OAuth2 flow
- **PKCE**: Enhanced security for public clients
- **JWT Tokens**: Signed with RSA256
- **Refresh Tokens**: Long-lived token renewal
## Security Best Practices
### Redirect URI Validation
- Use exact URI matching
- Always use HTTPS in production
- Avoid wildcard redirects
### Client Secret Management
- Store secrets securely
- Rotate secrets regularly
- Use different secrets per environment
### Token Handling
- Validate token signatures
- Respect token expiration
- Implement proper logout
## Common Integration Patterns
### Server-Side Applications
Best for applications that can securely store client secrets:
```javascript
// Example: Node.js application
const config = {
clientId: 'your-client-id',
clientSecret: 'your-client-secret',
authorizationURL: 'https://auth.yourdomain.com/oauth/authorize',
tokenURL: 'https://auth.yourdomain.com/oauth/token',
callbackURL: 'https://yourapp.com/auth/callback'
};
```
### Single Page Applications (SPA)
For client-side applications using PKCE:
```javascript
// Example: React application with PKCE
const config = {
clientId: 'your-client-id',
// No client secret for public clients
authorizationURL: 'https://auth.yourdomain.com/oauth/authorize',
tokenURL: 'https://auth.yourdomain.com/oauth/token',
redirectUri: 'https://yourapp.com/callback',
usePKCE: true
};
```
### Mobile Applications
Similar to SPAs, always use PKCE:
```swift
// Example: iOS Swift
let config = OIDServiceConfiguration(
authorizationEndpoint: URL(string: "https://auth.yourdomain.com/oauth/authorize")!,
tokenEndpoint: URL(string: "https://auth.yourdomain.com/oauth/token")!
)
```
## Testing Applications
### Manual Testing
1. **Start OAuth flow** from your application
2. **Verify redirect** to AuthentiKate
3. **Complete authentication**
4. **Confirm successful** return to your app
5. **Check user data** is populated correctly
### Automated Testing
```bash
# Test authorization endpoint
curl "https://auth.yourdomain.com/oauth/authorize?client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_REDIRECT_URI&response_type=code&scope=openid"
# Test token exchange (after getting auth code)
curl -X POST https://auth.yourdomain.com/oauth/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=authorization_code&code=AUTH_CODE&client_id=CLIENT_ID&client_secret=CLIENT_SECRET&redirect_uri=REDIRECT_URI"
```
## Troubleshooting
### Invalid Redirect URI
**Error**: `The redirect URI is invalid`
**Solutions**:
- Verify exact URL match in application settings
- Check for trailing slashes
- Ensure HTTPS is used
### Invalid Client
**Error**: `Client authentication failed`
**Solutions**:
- Verify Client ID and Secret
- Check that application exists and is active
- Ensure secrets haven't been regenerated
### Token Validation Issues
**Error**: `Invalid token signature`
**Solutions**:
- Use JWKS endpoint for signature validation
- Verify token hasn't expired
- Check token issuer matches AuthentiKate URL
## Application Management
### Updating Applications
- **Edit** application details anytime
- **Regenerate** client secrets if compromised
- **Update** redirect URIs for new environments
### Deactivating Applications
- **Disable** applications to prevent new logins
- Existing tokens remain valid until expiration
- **Re-enable** anytime to restore access
### Monitoring Usage
View application usage in the admin panel:
- **Active tokens** per application
- **Recent authentications**
- **User access patterns**
Your applications are now ready for OAuth integration with AuthentiKate!
Reference in New Issue View Git Blame Copy Permalink